Weekly Privacy News Update – Episode 03


The Federal Trade Commission Commissioner considering restrictions on companies using data for tracking and profiling

Federal Trade Commissioner Rebecca Kelly Slaughter spoke at the National Advertising Division’s annual conference, a unit of the BBB National Programs. She spoke of a potential “minimization framework” aiming to disable surveillance advertising. She also identified growing issues with businesses that focus on data monetization and “indiscriminate” data collection practices (i.e., data collection that could potentially result in civil rights violations, misinformation, and competitive harms).

Sources: IAPP, MediaPost

Germany’s Data Protection Authority (DPA) provides updated guidance on international data transfers

Germany’s DPA updated their international data transfer FAQs in the context of the updated Standard Contractual Clauses (SCCs). Covers legal concepts and describes responsibilities of the parties involved in the data transfer like ‘What is a controller?’; ‘Can I be a controller and processor at the same time?’ and ‘How do jointly responsible determine who has which duties? Do you need a contract?’ and more.

Sources: IAPP, Datenschutz

Brazil’s DPA issues an information security guide for smaller data processors for LGPD compliance

Information security guide lists suggested administrative and technical measures for LGPD compliance. The DPA also published a checklist outlining how to adopt suggested measures. Brazil’s DPA aims to provide tools and document templates to help organizations understand how to protect personal data in accordance with the law.

Sources: IAPP, Gov.br

The latest luxury trend? Marketing using Zero Party data

Marketing for luxury brands is trending away from first and third-party cookies. Instead, luxury brands are moving towards using “zero-party” data (i.e., data that a consumer willingly provides through a relationship with the company).

Sources: IAPP, Digiday, Vogue Business

State Legislation

Massachusetts Legislature will hold a hearing on October 13 to consider at least seven data privacy-related bills, including Bill S.46–the proposed Massachusetts Information Privacy Act.

Sources: IAPP, MA legislature

California: Gov. Newsom approves Assembly Bill 694 amending the CCPA / CPRA, including clarifying timing for CPRA rule-making (as we saw last week – the California Privacy Protection Agency kicked off preliminary information gathering for that rule-making effort).

Sources: IAPP, CA.gov

Federal Legislation

Legislators reintroduce KIDS (Kids Internet Design and Safety Act) Act – which, among other things, would ban “auto-play” settings and follower counts.

Sources: IAPP, Ed Markey

Catalyst for action: This week, during the hearing with Facebook whistleblower Frances Haugen, lawmakers explicitly called for action to create federal privacy legislation.

Sources: IAPP, WSJ

International Legislation

India: India’s proposed privacy law, the Personal Data Protection Bill’s proposed amendments are backed up for consideration on October 20 when the Joint Parliamentary committee reconvenes.

Sources: IAPP, The Indian Express

South Korea: South Korea’s Personal Information Protection Commission issued guidance that includes plans to launch an agency for managing pseudonymization agency, data security measures recommended for organizations, encryption practices, and more.

Sources: IAPP, PIPC

Privacy Tech

Gretel AI: Synthetic data tech startup raises $50M in Series B funding

  • Platform for engineers to create anonymized and synthetic data based on actual data sets.
  • Potentially could eliminate risks around data breaches exposing personal information

Sources: IAPP, Tech Crunch

Duality Technologies: Privacy-enhancing data platform raises $30M in Series B funding round

  • Enables collaboration on sensitive data without compromising on data privacy and business confidentiality
  • Protects data through homomorphic encryption

Sources: IAPP, VentureBeat

Further reading from this week:

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources